[jcifs] WCF Ntlm JAXWS jCIFS Samba Interoperability problem

Tom Maher tom.maher at ardentiasearch.com
Thu Mar 6 12:59:14 GMT 2008 

I have a web service that is used to provide SSO (Single Sign On) to a Java
server application.

The Java server application hosts the web service using JAX-WS (Java API for 
Xml Web Services) which is part of the WSIT (Web Service Interoperability
Technology) used to interop with WCF. The Ntlm authentication is carried out by
using a NtlmHttpFilter provided by jCIFS (which is a Java implementation of
CIFS) which is part of the SAMBA software.

The client is Windows .Net 3.5 WPF application that connects to the Java server
application and uses Ntlm to authenticate itself using a WCF service.

The problem is that I am getting is the following exception when I try to use
the web service:

"The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The
authentication header received from the server was 'NTLM
TlRMTVNTUAACAAAAHAAcADAAAAAFAoEASRw7FDseHL8AAAAAAAAAADgAOABMAAAAYQByAGQAZQBuAHQ
AaQBhAHMAZQBhAHIAYwBoAAIAHABhAHIAZABlAG4AdABpAGEAcwBlAGEAcgBjAGgAAQAQAFQATwBNAE0
AQQBIAEUAUgAAAAAA'."

However if I get the cliet WPF application to use a '.Net Framework 2.0 Web
Services technology' web service then everything works fine and the client is
authenticated.

I'm assuming it must be some sort of configuration issue either with the client
(WCF config issue) or the server (jCIFS config issue).

Does anyone have any ideas???



The web service is done over a basic http connection (no SSL).

The WCF settings are as follows:

<system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="TrustedWebServicePortBinding" 
                	closeTimeout="00:01:00"
                    	openTimeout="00:01:00" 
                    	receiveTimeout="00:10:00"
			sendTimeout="00:01:00"
                    	allowCookies="false" 
                    	bypassProxyOnLocal="false"
			hostNameComparisonMode="StrongWildcard"
			maxBufferSize="65536" 
			maxBufferPoolSize="524288"
			maxReceivedMessageSize="65536"
			messageEncoding="Text" 
			textEncoding="utf-8"
			transferMode="Buffered"
			useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" 
                    		maxStringContentLength="8192"
				maxArrayLength="16384"
				maxBytesPerRead="4096" 
				maxNameTableCharCount="16384" />
                    <security mode="TransportCredentialOnly">
                        <transport clientCredentialType="Ntlm"
				proxyCredentialType="Ntlm"
				realm="" />
                        <message clientCredentialType="UserName"
				algorithmSuite="Default" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <client>
            <endpoint 
            	address="http://localhost:8080/services/TrustedWebService"
                binding="basicHttpBinding"
		bindingConfiguration="TrustedWebServicePortBinding"
                contract="TrustedService.TrustedWebService"
		name="TrustedWebServicePort" />
        </client>
</system.serviceModel>


The jCIFS settings are as follows (the settings in the angled brackets
suppressed for this post but do have real values in the code):

jcifs.smb.client.domain = <My Domain>
jcifs.http.domainController = <Primary WINS server IP Address>
jcifs.netbios.wins = <Primary WINS server IP Address>, 
			<Secondary WINS server IPAddress>
jcifs.smb.lmCompatibility = 5
jcifs.smb.client.soTimeout = 500

More information about the jcifs mailing list